comparing c55549f13de3df83212c03a61971e88a4c03e67c and main on ryan.freumh.org/eilean-nix

+41 -59

flake.lock

···

       22
        
               "nixpkgs": [

     

       23
        
                 "nixpkgs"

     

       24
        
               ],

     

       25
       -
               "opam-nix": "opam-nix",

     

       26
       -
               "opam-repository": "opam-repository"

     

       27
        
             },

     

       28
        
             "locked": {

     

       29
       -
               "lastModified": 1718122335,

     

       30
       -
               "narHash": "sha256-ooeplCUj5dY2KT840ecFtR+iDq1V2iB5rDsFqjbdFSs=",

     

       31
        
               "owner": "RyanGibb",

     

       32
        
               "repo": "eon",

     

       33
       -
               "rev": "87b7ec1cd6cb7dc0f950d8d37a91845465780faf",

     

       34
        
               "type": "github"

     

       35
        
             },

     

       36
        
             "original": {

     
···

       42
        
           "flake-compat": {

     

       43
        
             "flake": false,

     

       44
        
             "locked": {

     

       45
       -
               "lastModified": 1627913399,

     

       46
       -
               "narHash": "sha256-hY8g6H2KFL8ownSiFeMOjwPC8P0ueXpCVEbxgda3pko=",

     

       47
        
               "owner": "edolstra",

     

       48
        
               "repo": "flake-compat",

     

       49
       -
               "rev": "12c64ca55c1014cdc1b16ed5a804aa8576601ff2",

     

       50
        
               "type": "github"

     

       51
        
             },

     

       52
        
             "original": {

     
···

       76
        
               "systems": "systems"

     

       77
        
             },

     

       78
        
             "locked": {

     

       79
       -
               "lastModified": 1710146030,

     

       80
       -
               "narHash": "sha256-SZ5L6eA7HJ/nmkzGG7/ISclqe6oZdOZTNoesiInkXPQ=",

     

       81
        
               "owner": "numtide",

     

       82
        
               "repo": "flake-utils",

     

       83
       -
               "rev": "b1d9ab70662946ef0850d488da1c9019f3a9752a",

     

       84
        
               "type": "github"

     

       85
        
             },

     

       86
        
             "original": {

     
···

       92
        
           "mirage-opam-overlays": {

     

       93
        
             "flake": false,

     

       94
        
             "locked": {

     

       95
       -
               "lastModified": 1661959605,

     

       96
       -
               "narHash": "sha256-CPTuhYML3F4J58flfp3ZbMNhkRkVFKmBEYBZY5tnQwA=",

     

       97
        
               "owner": "dune-universe",

     

       98
        
               "repo": "mirage-opam-overlays",

     

       99
       -
               "rev": "05f1c1823d891ce4d8adab91f5db3ac51d86dc0b",

     

       100
        
               "type": "github"

     

       101
        
             },

     

       102
        
             "original": {

     
···

       109
        
             "inputs": {

     

       110
        
               "blobs": "blobs",

     

       111
        
               "flake-compat": "flake-compat_2",

     

       112
       -
               "nixpkgs": "nixpkgs",

     

       0
        
       
     

       0
        
       
     

       113
        
               "nixpkgs-24_05": "nixpkgs-24_05",

     

       114
        
               "utils": "utils"

     

       115
        
             },

     

       116
        
             "locked": {

     

       117
       -
               "lastModified": 1718182050,

     

       118
        
               "narHash": "sha256-m5JQT/RIegSLZJx41Cv7d8Xoa2KKq+5uLkgB5KJR5D0=",

     

       119
        
               "owner": "RyanGibb",

     

       120
        
               "repo": "nixos-mailserver",

     

       121
       -
               "rev": "fe7d01cbded4ab866d2ca42ea9374b41ab753e3f",

     

       122
       -
               "type": "github"

     

       123
        
             },

     

       124
        
             "original": {

     

       125
        
               "owner": "RyanGibb",

     

       126
        
               "ref": "fork-24.05",

     

       127
        
               "repo": "nixos-mailserver",

     

       128
       -
               "type": "github"

     

       129
        
             }

     

       130
        
           },

     

       131
        
           "nixpkgs": {

     

       132
        
             "locked": {

     

       133
       -
               "lastModified": 1709703039,

     

       134
       -
               "narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=",

     

       135
       -
               "owner": "NixOS",

     

       136
        
               "repo": "nixpkgs",

     

       137
       -
               "rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d",

     

       138
        
               "type": "github"

     

       139
        
             },

     

       140
        
             "original": {

     

       141
       -
               "id": "nixpkgs",

     

       142
       -
               "ref": "nixos-unstable",

     

       143
       -
               "type": "indirect"

     

       0
        
       
     

       144
        
             }

     

       145
        
           },

     

       146
        
           "nixpkgs-24_05": {

     
···

       158
        
               "type": "indirect"

     

       159
        
             }

     

       160
        
           },

     

       161
       -
           "nixpkgs_2": {

     

       162
       -
             "locked": {

     

       163
       -
               "lastModified": 1717952948,

     

       164
       -
               "narHash": "sha256-mJi4/gjiwQlSaxjA6AusXBN/6rQRaPCycR7bd8fydnQ=",

     

       165
       -
               "owner": "nixos",

     

       166
       -
               "repo": "nixpkgs",

     

       167
       -
               "rev": "2819fffa7fa42156680f0d282c60d81e8fb185b7",

     

       168
       -
               "type": "github"

     

       169
       -
             },

     

       170
       -
             "original": {

     

       171
       -
               "owner": "nixos",

     

       172
       -
               "ref": "nixos-24.05",

     

       173
       -
               "repo": "nixpkgs",

     

       174
       -
               "type": "github"

     

       175
       -
             }

     

       176
       -
           },

     

       177
        
           "opam-nix": {

     

       178
        
             "inputs": {

     

       179
        
               "flake-compat": "flake-compat",

     
···

       187
        
                 "nixpkgs"

     

       188
        
               ],

     

       189
        
               "opam-overlays": "opam-overlays",

     

       190
       -
               "opam-repository": [

     

       191
       -
                 "eon",

     

       192
       -
                 "opam-repository"

     

       193
       -
               ],

     

       194
        
               "opam2json": "opam2json"

     

       195
        
             },

     

       196
        
             "locked": {

     

       197
       -
               "lastModified": 1703105504,

     

       198
       -
               "narHash": "sha256-z7X1i2T1H37Lj9hEIJA5T0+sdE5E+PSWiiSyvYGyGSY=",

     

       199
       -
               "owner": "RyanGibb",

     

       200
        
               "repo": "opam-nix",

     

       201
       -
               "rev": "ccf2e75e8854aefe933c4e504f436a3b315802ee",

     

       202
        
               "type": "github"

     

       203
        
             },

     

       204
        
             "original": {

     

       205
       -
               "owner": "RyanGibb",

     

       206
       -
               "ref": "pin-depends-path",

     

       207
        
               "repo": "opam-nix",

     

       208
        
               "type": "github"

     

       209
        
             }

     
···

       211
        
           "opam-overlays": {

     

       212
        
             "flake": false,

     

       213
        
             "locked": {

     

       214
       -
               "lastModified": 1654162756,

     

       215
       -
               "narHash": "sha256-RV68fUK+O3zTx61iiHIoS0LvIk0E4voMp+0SwRg6G6c=",

     

       216
        
               "owner": "dune-universe",

     

       217
        
               "repo": "opam-overlays",

     

       218
       -
               "rev": "c8f6ef0fc5272f254df4a971a47de7848cc1c8a4",

     

       219
        
               "type": "github"

     

       220
        
             },

     

       221
        
             "original": {

     
···

       227
        
           "opam-repository": {

     

       228
        
             "flake": false,

     

       229
        
             "locked": {

     

       230
       -
               "lastModified": 1712915335,

     

       231
       -
               "narHash": "sha256-CLxKnc9GgeNom5LzGhDyq4ZP8Mx8NtwYsg2YQfcSk3U=",

     

       232
        
               "owner": "ocaml",

     

       233
        
               "repo": "opam-repository",

     

       234
       -
               "rev": "03178cf5192dd1a55105844365e56a2294cd9225",

     

       235
        
               "type": "github"

     

       236
        
             },

     

       237
        
             "original": {

     
···

       266
        
             "inputs": {

     

       267
        
               "eon": "eon",

     

       268
        
               "nixos-mailserver": "nixos-mailserver",

     

       269
       -
               "nixpkgs": "nixpkgs_2"

     

       270
        
             }

     

       271
        
           },

     

       272
        
           "systems": {

···

       22
        
               "nixpkgs": [

     

       23
        
                 "nixpkgs"

     

       24
        
               ],

     

       25
       +
               "opam-nix": "opam-nix"

     

       0
        
       
     

       26
        
             },

     

       27
        
             "locked": {

     

       28
       +
               "lastModified": 1738666931,

     

       29
       +
               "narHash": "sha256-dTF+etN5ZDPVwK8XV/huQByY6JohiVgpCfzVJWAZY1I=",

     

       30
        
               "owner": "RyanGibb",

     

       31
        
               "repo": "eon",

     

       32
       +
               "rev": "42523d1d8f720215ab5108a1b42e9c5b7d17d4bf",

     

       33
        
               "type": "github"

     

       34
        
             },

     

       35
        
             "original": {

     
···

       41
        
           "flake-compat": {

     

       42
        
             "flake": false,

     

       43
        
             "locked": {

     

       44
       +
               "lastModified": 1696426674,

     

       45
       +
               "narHash": "sha256-kvjfFW7WAETZlt09AgDn1MrtKzP7t90Vf7vypd3OL1U=",

     

       46
        
               "owner": "edolstra",

     

       47
        
               "repo": "flake-compat",

     

       48
       +
               "rev": "0f9255e01c2351cc7d116c072cb317785dd33b33",

     

       49
        
               "type": "github"

     

       50
        
             },

     

       51
        
             "original": {

     
···

       75
        
               "systems": "systems"

     

       76
        
             },

     

       77
        
             "locked": {

     

       78
       +
               "lastModified": 1731533236,

     

       79
       +
               "narHash": "sha256-l0KFg5HjrsfsO/JpG+r7fRrqm12kzFHyUHqHCVpMMbI=",

     

       80
        
               "owner": "numtide",

     

       81
        
               "repo": "flake-utils",

     

       82
       +
               "rev": "11707dc2f618dd54ca8739b309ec4fc024de578b",

     

       83
        
               "type": "github"

     

       84
        
             },

     

       85
        
             "original": {

     
···

       91
        
           "mirage-opam-overlays": {

     

       92
        
             "flake": false,

     

       93
        
             "locked": {

     

       94
       +
               "lastModified": 1710922379,

     

       95
       +
               "narHash": "sha256-j4QREQDUf8oHOX7qg6wAOupgsNQoYlufxoPrgagD+pY=",

     

       96
        
               "owner": "dune-universe",

     

       97
        
               "repo": "mirage-opam-overlays",

     

       98
       +
               "rev": "797cb363df3ff763c43c8fbec5cd44de2878757e",

     

       99
        
               "type": "github"

     

       100
        
             },

     

       101
        
             "original": {

     
···

       108
        
             "inputs": {

     

       109
        
               "blobs": "blobs",

     

       110
        
               "flake-compat": "flake-compat_2",

     

       111
       +
               "nixpkgs": [

     

       112
       +
                 "nixpkgs"

     

       113
       +
               ],

     

       114
        
               "nixpkgs-24_05": "nixpkgs-24_05",

     

       115
        
               "utils": "utils"

     

       116
        
             },

     

       117
        
             "locked": {

     

       118
       +
               "lastModified": 1718183756,

     

       119
        
               "narHash": "sha256-m5JQT/RIegSLZJx41Cv7d8Xoa2KKq+5uLkgB5KJR5D0=",

     

       120
        
               "owner": "RyanGibb",

     

       121
        
               "repo": "nixos-mailserver",

     

       122
       +
               "rev": "9dc7a8d40232f600e6ca1e78356cd4398665b46b",

     

       123
       +
               "type": "gitlab"

     

       124
        
             },

     

       125
        
             "original": {

     

       126
        
               "owner": "RyanGibb",

     

       127
        
               "ref": "fork-24.05",

     

       128
        
               "repo": "nixos-mailserver",

     

       129
       +
               "type": "gitlab"

     

       130
        
             }

     

       131
        
           },

     

       132
        
           "nixpkgs": {

     

       133
        
             "locked": {

     

       134
       +
               "lastModified": 1732981179,

     

       135
       +
               "narHash": "sha256-F7thesZPvAMSwjRu0K8uFshTk3ZZSNAsXTIFvXBT+34=",

     

       136
       +
               "owner": "nixos",

     

       137
        
               "repo": "nixpkgs",

     

       138
       +
               "rev": "62c435d93bf046a5396f3016472e8f7c8e2aed65",

     

       139
        
               "type": "github"

     

       140
        
             },

     

       141
        
             "original": {

     

       142
       +
               "owner": "nixos",

     

       143
       +
               "ref": "nixos-24.11",

     

       144
       +
               "repo": "nixpkgs",

     

       145
       +
               "type": "github"

     

       146
        
             }

     

       147
        
           },

     

       148
        
           "nixpkgs-24_05": {

     
···

       160
        
               "type": "indirect"

     

       161
        
             }

     

       162
        
           },

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       163
        
           "opam-nix": {

     

       164
        
             "inputs": {

     

       165
        
               "flake-compat": "flake-compat",

     
···

       173
        
                 "nixpkgs"

     

       174
        
               ],

     

       175
        
               "opam-overlays": "opam-overlays",

     

       176
       +
               "opam-repository": "opam-repository",

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       177
        
               "opam2json": "opam2json"

     

       178
        
             },

     

       179
        
             "locked": {

     

       180
       +
               "lastModified": 1732617437,

     

       181
       +
               "narHash": "sha256-jj25fziYrES8Ix6HkfSiLzrN6MZjiwlHUxFSIuLRjgE=",

     

       182
       +
               "owner": "tweag",

     

       183
        
               "repo": "opam-nix",

     

       184
       +
               "rev": "ea8b9cb81fe94e1fc45c6376fcff15f17319c445",

     

       185
        
               "type": "github"

     

       186
        
             },

     

       187
        
             "original": {

     

       188
       +
               "owner": "tweag",

     

       0
        
       
     

       189
        
               "repo": "opam-nix",

     

       190
        
               "type": "github"

     

       191
        
             }

     
···

       193
        
           "opam-overlays": {

     

       194
        
             "flake": false,

     

       195
        
             "locked": {

     

       196
       +
               "lastModified": 1726822209,

     

       197
       +
               "narHash": "sha256-bwM18ydNT9fYq91xfn4gmS21q322NYrKwfq0ldG9GYw=",

     

       198
        
               "owner": "dune-universe",

     

       199
        
               "repo": "opam-overlays",

     

       200
       +
               "rev": "f2bec38beca4aea9e481f2fd3ee319c519124649",

     

       201
        
               "type": "github"

     

       202
        
             },

     

       203
        
             "original": {

     
···

       209
        
           "opam-repository": {

     

       210
        
             "flake": false,

     

       211
        
             "locked": {

     

       212
       +
               "lastModified": 1732612513,

     

       213
       +
               "narHash": "sha256-kju4NWEQo4xTxnKeBIsmqnyxIcCg6sNZYJ1FmG/gCDw=",

     

       214
        
               "owner": "ocaml",

     

       215
        
               "repo": "opam-repository",

     

       216
       +
               "rev": "3d52b66b04788999a23f22f0d59c2dfc831c4f32",

     

       217
        
               "type": "github"

     

       218
        
             },

     

       219
        
             "original": {

     
···

       248
        
             "inputs": {

     

       249
        
               "eon": "eon",

     

       250
        
               "nixos-mailserver": "nixos-mailserver",

     

       251
       +
               "nixpkgs": "nixpkgs"

     

       252
        
             }

     

       253
        
           },

     

       254
        
           "systems": {

+11 -6

flake.nix

···

       1
        
       {

     

       2
        
         inputs = {

     

       3
       -
           nixpkgs.url = "github:nixos/nixpkgs/nixos-24.05";

     

       4
       -
           nixos-mailserver.url = "github:RyanGibb/nixos-mailserver/fork-24.05";

     

       5
        
           eon.url = "github:RyanGibb/eon";

     

       0
        
       
     

       6
        
           eon.inputs.nixpkgs.follows = "nixpkgs";

     

       0
        
       
     

       7
        
         };

     

       8
        
       

     

       9
       -
         outputs = { self, nixpkgs, nixos-mailserver, eon, ... }: rec {

     

       10
        
           packages = nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed (system:

     

       11
        
             let pkgs = nixpkgs.legacyPackages.${system};

     

       12
       -
             in { manpage = import ./man { inherit pkgs system nixos-mailserver; }; });

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       13
        
       

     

       14
        
           nixosModules.default = {

     

       15
        
             imports = [

     
···

       17
        
               nixos-mailserver.nixosModule

     

       18
        
               eon.nixosModules.default

     

       19
        
               eon.nixosModules.acme

     

       20
       -
               ({ pkgs, config, ... }: {

     

       21
        
                 nixpkgs.overlays = [

     

       22
        
                   (final: prev: {

     

       23
        
                     mautrix-meta = (prev.callPackage ./pkgs/mautrix-meta.nix { });

     

       24
        
                   })

     

       25
        
                 ];

     

       26
       -
               })

     

       27
        
             ];

     

       28
        
           };

     

       29
        
           defaultTemplate.path = ./template;

···

       1
        
       {

     

       2
        
         inputs = {

     

       3
       +
           nixpkgs.url = "github:nixos/nixpkgs/nixos-24.11";

     

       4
       +
           nixos-mailserver.url = "gitlab:RyanGibb/nixos-mailserver/fork-24.05";

     

       5
        
           eon.url = "github:RyanGibb/eon";

     

       6
       +
       

     

       7
        
           eon.inputs.nixpkgs.follows = "nixpkgs";

     

       8
       +
           nixos-mailserver.inputs.nixpkgs.follows = "nixpkgs";

     

       9
        
         };

     

       10
        
       

     

       11
       +
         outputs = { nixpkgs, nixos-mailserver, eon, ... }: {

     

       12
        
           packages = nixpkgs.lib.genAttrs nixpkgs.lib.systems.flakeExposed (system:

     

       13
        
             let pkgs = nixpkgs.legacyPackages.${system};

     

       14
       +
             in {

     

       15
       +
               manpage = import ./man { inherit pkgs system nixos-mailserver; };

     

       16
       +
               packages.mautrix-meta = (pkgs.callPackage ./pkgs/mautrix-meta.nix { });

     

       17
       +
             });

     

       18
        
       

     

       19
        
           nixosModules.default = {

     

       20
        
             imports = [

     
···

       22
        
               nixos-mailserver.nixosModule

     

       23
        
               eon.nixosModules.default

     

       24
        
               eon.nixosModules.acme

     

       25
       +
               {

     

       26
        
                 nixpkgs.overlays = [

     

       27
        
                   (final: prev: {

     

       28
        
                     mautrix-meta = (prev.callPackage ./pkgs/mautrix-meta.nix { });

     

       29
        
                   })

     

       30
        
                 ];

     

       31
       +
               }

     

       32
        
             ];

     

       33
        
           };

     

       34
        
           defaultTemplate.path = ./template;

modules/default.nix

···

       10
        
           ./mailserver.nix

     

       11
        
           ./gitea.nix

     

       12
        
           ./dns.nix

     

       0
        
       
     

       13
        
           ./matrix/synapse.nix

     

       14
        
           ./matrix/mautrix-instagram.nix

     

       15
        
           ./matrix/mautrix-messenger.nix

···

       10
        
           ./mailserver.nix

     

       11
        
           ./gitea.nix

     

       12
        
           ./dns.nix

     

       13
       +
           ./fail2ban.nix

     

       14
        
           ./matrix/synapse.nix

     

       15
        
           ./matrix/mautrix-instagram.nix

     

       16
        
           ./matrix/mautrix-messenger.nix

+42

modules/fail2ban.nix

···

       1
       +
       { config, pkgs, lib, ... }:

     

       2
       +
       

     

       3
       +
       with lib;

     

       4
       +
       let cfg = config.eilean;

     

       5
       +
       in {

     

       6
       +
         options.eilean.fail2ban = {

     

       7
       +
           enable = mkEnableOption "TURN server";

     

       8
       +
           radicale = mkOption {

     

       9
       +
             type = types.bool;

     

       10
       +
             default = cfg.radicale.enable;

     

       11
       +
           };

     

       12
       +
         };

     

       13
       +
       

     

       14
       +
         config = mkIf cfg.fail2ban.enable {

     

       15
       +
           services.fail2ban = {

     

       16
       +
             enable = true;

     

       17
       +
             bantime = "24h";

     

       18
       +
             bantime-increment = {

     

       19
       +
               enable = true;

     

       20
       +
               multipliers = "1 2 4 8 16 32 64";

     

       21
       +
               maxtime = "168h";

     

       22
       +
               overalljails = true;

     

       23
       +
             };

     

       24
       +
             jails."radicale".settings = mkIf cfg.fail2ban.radicale {

     

       25
       +
               port = "5232";

     

       26
       +
               filter = "radicale";

     

       27
       +
               banaction = "%(banaction_allports)s[name=radicale]";

     

       28
       +
               backend = "systemd";

     

       29
       +
               journalmatch = "_SYSTEMD_UNIT=radicale.service";

     

       30
       +
               maxRetry = 2;

     

       31
       +
               bantime = -1;

     

       32
       +
               findtime = 14400;

     

       33
       +
             };

     

       34
       +
           };

     

       35
       +
           environment.etc = {

     

       36
       +
             "fail2ban/filter.d/radicale.local".text = mkIf cfg.fail2ban.radicale ''

     

       37
       +
               [Definition]

     

       38
       +
               failregex = ^.*Failed\slogin\sattempt\sfrom\s.*\(forwarded for \'<HOST>\'.*\):\s.*

     

       39
       +
             '';

     

       40
       +
           };

     

       41
       +
         };

     

       42
       +
       }

-5

modules/headscale.nix

···

       30
        
               server_url = "https://${cfg.headscale.domain}";

     

       31
        
               logtail.enabled = false;

     

       32
        
               ip_prefixes = [ "100.64.0.0/10" "fd7a:115c:a1e0::/48" ];

     

       33
       -
               dns_config = {

     

       34
       -
                 # magicDns = true;

     

       35
       -
                 nameservers = config.networking.nameservers;

     

       36
       -
                 base_domain = "${cfg.headscale.zone}";

     

       37
       -
               };

     

       38
        
             };

     

       39
        
           };

     

       40

···

       30
        
               server_url = "https://${cfg.headscale.domain}";

     

       31
        
               logtail.enabled = false;

     

       32
        
               ip_prefixes = [ "100.64.0.0/10" "fd7a:115c:a1e0::/48" ];

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       33
        
             };

     

       34
        
           };

     

       35

+12 -7

modules/matrix/synapse.nix

···

       110
        
                 '';

     

       111
        
       

     

       112
        
                 # forward all Matrix API calls to the synapse Matrix homeserver

     

       113
       -
                 locations."/_matrix" = {

     

       114
       -
                   proxyPass = "http://127.0.0.1:8008"; # without a trailing /

     

       115
       -
                   #proxyPassReverse = "http://127.0.0.1:8008"; # without a trailing /

     

       116
        
                 };

     

       117
        
               };

     

       118
        
             };

     
···

       138
        
                   }];

     

       139
        
                 }];

     

       140
        
                 max_upload_size = "100M";

     

       141
       -
                 app_service_config_files = (optional cfg.matrix.bridges.whatsapp

     

       142
       -
                   "/var/lib/mautrix-whatsapp/whatsapp-registration.yaml")

     

       143
       -
                   ++ (optional cfg.matrix.bridges.instagram

     

       144
       -
                     "/var/lib/mautrix-instagram/instagram-registration.yaml")

     

       145
        
                   ++ (optional cfg.matrix.bridges.messenger

     

       146
        
                     "/var/lib/mautrix-messenger/messenger-registration.yaml");

     

       147
        
               }

     
···

       196
        
             settings.bridge.history_sync.backfill = false;

     

       197
        
             settings.bridge.permissions."@${config.eilean.username}:${domain}" =

     

       198
        
               "admin";

     

       0
        
       
     

       0
        
       
     

       199
        
           };

     

       200
        
           # using https://github.com/NixOS/nixpkgs/pull/277368

     

       201
        
           services.mautrix-signal = mkIf cfg.matrix.bridges.signal {

     
···

       207
        
             settings.bridge.personal_filtering_spaces = true;

     

       208
        
             settings.bridge.permissions."@${config.eilean.username}:${domain}" =

     

       209
        
               "admin";

     

       0
        
       
     

       0
        
       
     

       210
        
           };

     

       211
        
           # TODO replace with upstreamed mautrix-meta

     

       212
        
           services.mautrix-instagram = mkIf cfg.matrix.bridges.instagram {

     
···

       219
        
             settings.bridge.backfill.enabled = false;

     

       220
        
             settings.bridge.permissions."@${config.eilean.username}:${domain}" =

     

       221
        
               "admin";

     

       0
        
       
     

       0
        
       
     

       222
        
           };

     

       223
        
           services.mautrix-messenger = mkIf cfg.matrix.bridges.messenger {

     

       224
        
             enable = true;

     
···

       230
        
             settings.bridge.backfill.enabled = false;

     

       231
        
             settings.bridge.permissions."@${config.eilean.username}:${domain}" =

     

       232
        
               "admin";

     

       0
        
       
     

       0
        
       
     

       233
        
           };

     

       234
        
       

     

       235
        
           eilean.turn.enable = mkIf cfg.matrix.turn true;

···

       110
        
                 '';

     

       111
        
       

     

       112
        
                 # forward all Matrix API calls to the synapse Matrix homeserver

     

       113
       +
                 locations."~ ^(\\/_matrix|\\/_synapse\\/client)" = {

     

       114
       +
                   proxyPass = "http://127.0.0.1:8008";

     

       0
        
       
     

       115
        
                 };

     

       116
        
               };

     

       117
        
             };

     
···

       137
        
                   }];

     

       138
        
                 }];

     

       139
        
                 max_upload_size = "100M";

     

       140
       +
                 app_service_config_files = (optional cfg.matrix.bridges.instagram

     

       141
       +
                   "/var/lib/mautrix-instagram/instagram-registration.yaml")

     

       0
        
       
     

       0
        
       
     

       142
        
                   ++ (optional cfg.matrix.bridges.messenger

     

       143
        
                     "/var/lib/mautrix-messenger/messenger-registration.yaml");

     

       144
        
               }

     
···

       193
        
             settings.bridge.history_sync.backfill = false;

     

       194
        
             settings.bridge.permissions."@${config.eilean.username}:${domain}" =

     

       195
        
               "admin";

     

       196
       +
             settings.bridge.encryption.allow = true;

     

       197
       +
             settings.bridge.encryption.default = true;

     

       198
        
           };

     

       199
        
           # using https://github.com/NixOS/nixpkgs/pull/277368

     

       200
        
           services.mautrix-signal = mkIf cfg.matrix.bridges.signal {

     
···

       206
        
             settings.bridge.personal_filtering_spaces = true;

     

       207
        
             settings.bridge.permissions."@${config.eilean.username}:${domain}" =

     

       208
        
               "admin";

     

       209
       +
             settings.bridge.encryption.allow = true;

     

       210
       +
             settings.bridge.encryption.default = true;

     

       211
        
           };

     

       212
        
           # TODO replace with upstreamed mautrix-meta

     

       213
        
           services.mautrix-instagram = mkIf cfg.matrix.bridges.instagram {

     
···

       220
        
             settings.bridge.backfill.enabled = false;

     

       221
        
             settings.bridge.permissions."@${config.eilean.username}:${domain}" =

     

       222
        
               "admin";

     

       223
       +
             settings.bridge.encryption.allow = true;

     

       224
       +
             settings.bridge.encryption.default = true;

     

       225
        
           };

     

       226
        
           services.mautrix-messenger = mkIf cfg.matrix.bridges.messenger {

     

       227
        
             enable = true;

     
···

       233
        
             settings.bridge.backfill.enabled = false;

     

       234
        
             settings.bridge.permissions."@${config.eilean.username}:${domain}" =

     

       235
        
               "admin";

     

       236
       +
             settings.bridge.encryption.allow = true;

     

       237
       +
             settings.bridge.encryption.default = true;

     

       238
        
           };

     

       239
        
       

     

       240
        
           eilean.turn.enable = mkIf cfg.matrix.turn true;

+2 -2

modules/radicale.nix

···

       20
        
         options.eilean.radicale = {

     

       21
        
           enable = mkEnableOption "radicale";

     

       22
        
           users = mkOption {

     

       23
       -
             type = with types; attrsOf (submodule userOps);

     

       24
        
             default = { };

     

       25
        
           };

     

       26
        
         };

     
···

       41
        
       

     

       42
        
           systemd.services.radicale = {

     

       43
        
             serviceConfig.ReadWritePaths = [ "/var/lib/radicale" ];

     

       44
       -
             preStart = ''

     

       45
        
               if (! test -d "${passwdDir}"); then

     

       46
        
                 mkdir "${passwdDir}"

     

       47
        
                 chmod 755 "${passwdDir}"

···

       20
        
         options.eilean.radicale = {

     

       21
        
           enable = mkEnableOption "radicale";

     

       22
        
           users = mkOption {

     

       23
       +
             type = with types; nullOr (attrsOf (submodule userOps));

     

       24
        
             default = { };

     

       25
        
           };

     

       26
        
         };

     
···

       41
        
       

     

       42
        
           systemd.services.radicale = {

     

       43
        
             serviceConfig.ReadWritePaths = [ "/var/lib/radicale" ];

     

       44
       +
             preStart = lib.mkIf (cfg.radicale.users != null) ''

     

       45
        
               if (! test -d "${passwdDir}"); then

     

       46
        
                 mkdir "${passwdDir}"

     

       47
        
                 chmod 755 "${passwdDir}"

+26

modules/services/dns/eon.nix

···

       13
        
               }/${zonename}";

     

       14
        
           in lib.attrsets.mapAttrsToList mapZonefile cfg.zones;

     

       15
        
         };

     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       0
        
       
     

       16
        
       }

···

       13
        
               }/${zonename}";

     

       14
        
           in lib.attrsets.mapAttrsToList mapZonefile cfg.zones;

     

       15
        
         };

     

       16
       +
       

     

       17
       +
         users.users = { eon.extraGroups = [ config.services.opendkim.group ]; };

     

       18
       +
       

     

       19
       +
         ### bind prestart copy zonefiles

     

       20
       +
         systemd.services.eon.postStart = let

     

       21
       +
           update = ''

     

       22
       +
             update() {

     

       23
       +
               local file="$1"

     

       24
       +
               local domain="$2"

     

       25
       +
               local input=$(tr -d '\n' < "$file")

     

       26
       +
               local record_name=$(echo "$input" | ${pkgs.gawk}/bin/awk '{print $1}')

     

       27
       +
               local record_type=$(echo "$input" | ${pkgs.gawk}/bin/awk '{print $3}')

     

       28
       +
               local ttl=3600

     

       29
       +
               local record_value=$(echo "$input" | ${pkgs.gnused}/bin/sed -E 's/[^"]*"([^"]*)"[^"]*/\1/g')

     

       30
       +
               ${config.services.eon.package}/bin/capc update /var/lib/eon/caps/domain/''${domain}.cap -u "add|''${record_name}.''${domain}|''${record_type}|''${record_value}|''${ttl}" || exit 0

     

       31
       +
             }

     

       32
       +
             shopt -s nullglob

     

       33
       +
           '';

     

       34
       +
           ops = let

     

       35
       +
             mapZones = zonename: zone: ''

     

       36
       +
               for f in ${config.mailserver.dkimKeyDirectory}/${zonename}.*.txt; do

     

       37
       +
                 update $f ${zonename}

     

       38
       +
               done

     

       39
       +
             '';

     

       40
       +
           in lib.attrsets.mapAttrsToList mapZones cfg.zones;

     

       41
       +
         in update + builtins.concatStringsSep "\n" ops;

     

       42
        
       }

+3 -1

modules/turn.nix

···

       39
        
               script = ''

     

       40
        
                 if [ ! -f '${staticAuthSecretFile}' ]; then

     

       41
        
                   umask 077

     

       0
        
       
     

       0
        
       
     

       42
        
                   tr -dc A-Za-z0-9 </dev/urandom | head -c 32 > '${staticAuthSecretFile}'

     

       43
       -
                   chown ${config.systemd.services.coturn.serviceConfig.User}:${config.systemd.services.coturn.serviceConfig.Group} '${staticAuthSecretFile}'

     

       44
        
                 fi

     

       45
        
               '';

     

       46
        
               serviceConfig.Type = "oneshot";

···

       39
        
               script = ''

     

       40
        
                 if [ ! -f '${staticAuthSecretFile}' ]; then

     

       41
        
                   umask 077

     

       42
       +
                   DIR="$(dirname '${staticAuthSecretFile}')"

     

       43
       +
                   mkdir -p "$DIR"

     

       44
        
                   tr -dc A-Za-z0-9 </dev/urandom | head -c 32 > '${staticAuthSecretFile}'

     

       45
       +
                   chown -R ${config.systemd.services.coturn.serviceConfig.User}:${config.systemd.services.coturn.serviceConfig.Group} "$DIR"

     

       46
        
                 fi

     

       47
        
               '';

     

       48
        
               serviceConfig.Type = "oneshot";

+6 -4

pkgs/mautrix-meta.nix

···

       1
        
       { lib, buildGoModule, fetchFromGitHub, olm }:

     

       2
        
       

     

       3
       -
       buildGoModule rec {

     

       0
        
       
     

       4
        
         name = "mautrix-meta";

     

       0
        
       
     

       5
        
       

     

       6
        
         src = fetchFromGitHub {

     

       7
        
           owner = "mautrix";

     

       8
        
           repo = "meta";

     

       9
       -
           rev = "7941e937055b792d2cbfde5d9c8c4df75e68ff0a";

     

       10
       -
           hash = "sha256-QDqN6AAaEngWo4UxKAyIXB7BwCEJqsMTeuMb2fKu/9o=";

     

       11
        
         };

     

       12
        
       

     

       13
        
         buildInputs = [ olm ];

     

       14
        
       

     

       15
       -
         vendorHash = "sha256-ClHg3OEKgXYsmBm/aFKWZXbaLOmKdNyvw42QGhtTRik=";

     

       16
        
       

     

       17
        
         doCheck = false;

     

       18

···

       1
        
       { lib, buildGoModule, fetchFromGitHub, olm }:

     

       2
        
       

     

       3
       +
       let version = "0.4.4";

     

       4
       +
       in buildGoModule rec {

     

       5
        
         name = "mautrix-meta";

     

       6
       +
         inherit version;

     

       7
        
       

     

       8
        
         src = fetchFromGitHub {

     

       9
        
           owner = "mautrix";

     

       10
        
           repo = "meta";

     

       11
       +
           rev = "v${version}";

     

       12
       +
           hash = "sha256-S8x3TGQEs+oh/3Q1Gz00M8dOcjjuHSgzVhqlbikZ8QE=";

     

       13
        
         };

     

       14
        
       

     

       15
        
         buildInputs = [ olm ];

     

       16
        
       

     

       17
       +
         vendorHash = "sha256-sUnvwPJQOoVzxbo2lS3CRcTrWsPjgYPsKClVw1wZJdM=";

     

       18
        
       

     

       19
        
         doCheck = false;

     

       20

Compare changes